AMENDMENTS TO THE CLAIMS: 



This listing of the claims will replace all prior versions, and listings, of the claims in this 
application. 

1. (Currently Amended) A virtual private network comprising: including an internal s e cured 
portion which conn e cts via at l e ast a first gat e way and a second gateway to an e xt e rnal portion, 
the network comprising: 

an internal secured portion; 
an external portion; 

a plurality of workstations including at least one mobile workstation node in the external portion; 
the at least a first gateway; and 

the at least a second gatewa y, where the internal secured portion connects via the first gateway 
and the second gateway to the external portion, and 

the network is configured to change the gateway, which the mobile node uses to communicate 
with the internal secured portion, from the first gateway to the second gateway in response to 
movement of the mobile node and in response to a receipt from the mobile node of a new care- 
of-address that is different from a first care-of-address. 

m e ans for automatically changing point through which th e mobil e workstation communicat e s 
with th e int e rnal portion of th e network from th e first gat e way to the s e cond gat e way, in r e spons e 
to mov e m e nt of th e mobil e workstation. 

2. (Currently Amended) A network as claimed in claim 1, further comprising configured to 
transfer m e ans for transf e rring context information usable by a gateway in communications with 
the mobile workstation node, to the second gateway. 

3. (Currently Amended) A network as claimed in claim 2, wherein the context information 
includes an identifier of the mobile workstation node . 

4. (Currently Amended) A network as claimed in claim 3 wherein the identifier is the a home 



8 



address of the mobile workstation node . 

5. (Currently Amended) A network as claimed in claim 2, wherein the context information 
includes material for defining secure communication means by which information is transferable 
securely between the mobile workstation node in the external portion of the network and the 
internal secured portion of the network, via the second gateway. 

6. (Currently Amended) A network as claimed in claim 5, wherein the secure communication 
means is a security association pair between the second gateway and the mobile workstation 
node . 

7. (Currently Amended) A network as claimed in claim 2, wherein the context information is 
transferred from a location that th e transf e r means is physically separate from the first gateway. 

8. (Currently Amended) A network as claimed in claim 2, wh e rein th e transfer moans further 
configured to additionally transfers transfer information to the mobile workstation node for 
enabling communications between the mobile workstation node and the second gateway. 

9. (Currently Amended) A network as claimed in claim 8 wherein the information transferred to 
the mobile workstation node enables secure communication means by which information is 
transferable securely between the mobile workstation node in the external portion of the network 
and the internal secured portion of the network, via the second gateway. 

10. (Currently Amended) A network as claimed in claim 9, wherein the secure communication 
means is a security association pair between the mobile workstation node and the second 
gateway. 

11. (Currently Amended) A network as claimed in claim 8, wherein the information transferred to 
the mobile workstation node comprises fee an address of the second gateway. 

12. (Currently Amended) A network as claimed in claim 8, wherein the information transferred to 
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the mobile workstation node is transferred between the first gateway and the mobile workstation 
using an existing security association between the mobile workstation node and the first gateway. 

13. (Currently Amended) A network as claimed in claim 1 wherein the second gateway comprises 
one or more databases which are updated to enable the internal secured portion of the network 
and the mobile workstation node in the external portion of the network to communicate via the 
second gateway. 

14. (Currently Amended) A network as claimed in claim 13, wherein the one or more databases 
are a S e curity Policy Databas e security policy database and a S e curity Association Database 
security association database . 

15. (Currently Amended) A network as claimed in claim 1 wherein the mobile workstation node 
comprises one or more databases which are updated to enable the internal secured portion of the 
network and the mobile workstation node in the external portion of the network to communicate 
via the second gateway. 

16. (Currently Amended) A network as claimed in claim 15, wherein the one or more databases 
are a S e curity Policy Database security policy database and a S e curity Association Databas e 
security association database . 

17. (Currently Amended) A network as claimed in claim 1 furth e r comprising location detection 
means for d e t e cting further configured to detect the a present location of the mobile workstation 
node and initiating initiate a change in the point gateway through which the mobile workstation 
node communicates with the internal secured portion of the network, from the first gateway to a 
better gateway. 

18. (Currently Amended) A network as claimed in claim 17, wherein the better gateway is better 
because it is either closer to the mobile workstation node and/or it is optimal for routing existing 
sessions. 
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19. (Cancelled) 



20. (Cancelled) 

21. (Cancelled) 

22. (Currently Amended) A network as claimed in claim 17, wh e r e in th e location d e t e ction 
m e ans further configured to detect a present location from a source that is separate from the first 
gateway. 

23. (Currently Amended) A network as claimed in claim 22, wh e r e in th e transf e r m e ans further 
configured to transfer information from a source that is physically separate from the first 
gateway and wherein the location d e tection means and transf e r moans source to transfer 
information and the source to detect a present location are housed together. 

24. (Previously Presented) A network as claimed in claim 1 wherein the first gateway and the 
second gateway are in distinct physically separated segments of the network. 

25. (Currently Amended) A network as claimed in claim 1, wherein the mobile workstation node 
communicates with the internal secured portion of the network via the first gateway and also via 
the second gateway simultaneously for a transition period, before communicating via the second 
gateway only. 

26. (Currently Amended) A network as claimed in claim 1 wherein the mobile workstation node 
is involved in a session with a correspondent node. 

27. (Currently Amended) A network as claimed in claim 26, wherein the correspondent node is 
located in the internal secured portion of the network and the mobile workstation node is located 
in the external portion of the network. 

28. (Currently Amended) A method comprising: of optimizing the rout e by which information 
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trav e ls b e tw e en a mobilo nod e in an e xt e rnal portion of a n e twork and a correspondent nodo in 
an int e rnal portion of a n e twork, comprising tho stops of: 

determining when a first serving gateway through which the a mobile node communicates from 
an external portion of a network with an the internal secured portion of the network, is sub- 
optimal; 

identifying a second gateway; and 

in response to the mobile node moving and sending a new care-of-address that is different from a 
first care-of-address to the first serving gateway, transferring th e point the gateway through 
which the mobile node communicates with the internal portion of the network from the first 
serving gateway to the second gateway. 

29. (Currently Amended) A mobile workstation node for connecting to an external portion of a 
n e twork that includ e s an int e rnal s e cur e d portion conn e cted, via a first gateway and a second 
gat e way to th e external portion, comprising: configured to m e ans arranged to receive, via the a 
first secure communication means, an identifier of a second gateway; and 

m e ans arranged and further configured to change from communicating with the internal secured 
portion of the network through the first gateway to communicating via the second gateway, in 
response to moving and sending a new care-of-address that is different from a first care-of- 
address to the first gateway . 

30. (Currently Amended) A mobilo workstation T he network as claimed in claim 23, further 
comprising moans configured for using a first secure communication means by which 
information is transferable securely between the internal secured portion of the network and the 
mobile workstation node via the first gateway, to receive fee an identifier of the second gateway. 

31. (Currently Amended) A mobilo workstation T he network as claimed in claim 23, further 
comprising m e ans configured for using a second secure communication means to transfer 
information securely between the internal secured portion of the network and the mobile 
workstation node via the second gateway. 
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32. (New) A method comprising: 

moving in an external portion of a network, where the network comprises an internal secured 

portion, the external portion, at least a first gateway, and at least a second gateway; 

obtaining a location identifier, where the location identifier comprises a new care-of-address 

different from a first care-of-address; 

sending the new care-of-address to the first gateway; and 

in response to receiving an acknowledgement from the second gateway, communicating via the 
second gateway. 

33. (New) A method comprising: 

receiving a new care-of-address that is different from a first care-of-address from a mobile node 
that has moved in a network; and 

updating a location database in order to change an identification of a gateway that the mobile 
node uses to communicate from an external portion of the network to an internal secured portion 
of the network. 

34. (New) An apparatus configured to: 

receive a new care-of-address that is different from a first care-of-address from a mobile node 
that has moved in a network; and 

update a location database in order to change an identification of a gateway that the mobile node 
uses to communicate from an external portion of the network to an internal secured portion of the 
network. 
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